Open TobiasWehrum opened 1 year ago
There are many ways to resolve it, but giving an example or two is a great way to help people actually do it. At the very least I like this example:
For example, when a user tries to create an account using an email address, the system could display "If there isn't already an account registered to this email address, we've sent you an email for you to confirm."
How about that?
Would you not send a mail in case of a double registration explaining the situation? Maybe with a "I don't want to receive further notifications" to inhibit spam? I wonder if it does more good (i.e. less confusion if a user forgot their account and tries to register again) or harm (i.e. confusing and/or frighten users despite it being a potential non-issue), depending on how likely either of these cases is.
But apart from that, yeah, sounds good to me as an example.
As a side note... it seems to me that there are a few challenging scenarios here (e.g. wanting to allow people to use the account immediately after signing up even if they email address is not yet confirmed, or having a sign-up during a check-out process). Definitely more complexity than the password recovery scenario.
In the "Minimize Feedback / Information Exposure" section, you write:
I definitely see the point, but I'm not sure what the correct reaction would be.
I guess you could pretend to make the account, and end the flow with "Please confirm your account creation in the mail we sent you." and instead send a mail explaining that you or somebody else tried to make a new account with this mail despite one already existing? Or maybe just display a message like "If there isn't already an account registered to this email adress, we've sent you a mail!" similary to how you'd implement password reset?